accetto / ubuntu-vnc-xfce-g3

Headless Ubuntu/Xfce containers with VNC/noVNC (G3v6).
MIT License

issue with changing permissions #4

Closed rsettlage closed 3 years ago

rsettlage commented 3 years ago

Hi, just a cautionary note for those pulling this image to run on a cluster. Using Singularity, --containall -c and mounting home in Documents, the change of permissions will result in your host home being at 777. Bob

accetto commented 3 years ago

Hello @rsettlage,

thank you for your feedback. Bound volumes and their permissions are pretty complex subjects, especially on Windows, and I would very much welcome a good discussion about them. If you would agree to join it, I would be glad to set up a new GitHub discussion right in this project.

Actually, I'm not quite sure what exactly you have bound to what, but I've understood it as binding a directory in the Documents directory on your host (let's call it home_volume) to the mounting point /home/headless/ in the container. Am I right?

On Linux it would be something like this:

$ docker run -dP --name test -v /home/accetto/Documents/home_volume:/home/headless/ accetto/ubuntu-vnc-xfce-g3:vnc

If that's the case, then your container would not start at all if the directory home_volume had not been set to 777. You would find the following in the log:

$ docker logs test
mkdir: cannot create directory '/home/headless/.vnc': Permission denied
/dockerstartup/vnc_startup.rc: line 36: /home/headless/.vnc/passwd: No such file or directory
chmod: cannot access '/home/headless/.vnc/passwd': No such file or directory
/dockerstartup/vnc_startup.rc: line 43: /home/headless/.vnc/config: No such file or directory

It's because the container needs to create several directories and files during startup:

[Image: Screenshot_dirs_in_home]

Bound volumes are generally intended for users who are aware of the tradeoffs. Docker authors themselves write about it on the page Manage data in Docker:

[Image: Screenshot_binds]

However, maybe I've missed your point, so feel free to comment. I would be glad to improve the containers in any way.

Regards, accetto

rsettlage commented 3 years ago

Hi, thanks for the response!! And a pretty nice image.

Right, I have several things going on that are not quite the same so may not be the best use case. First, I am using this image on Linux via Singularity, which without any binding changes is basically --bind=/home/rsettlag:/home/rsettlag . In one of the versions of the docker image, it does a 777 to my home. :( Which is the note above. Beware, or at least, be aware, if all your keys stop working, it is because your home is now open...

More importantly, for this image, when I do the above, I don't actually get a running desktop; the connection leaves me at a black screen. When I make it so it just stubs out my user --containall --writable-tmpfs, the container works, but other things do not because I lose all my important system directories. I would really like to be able to mount home to the expected place, i.e. /home/rsettlag, so I would like to figure out what the conflict or issue is that leaves me with a black screen instead of the noVNC login when I mount home.
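
A host-side guard for the permission change reported above, as an added example that is not part of the original thread or the project's code: it snapshots the modes of a directory before it is bound into a container, then reports and reverts any drift afterwards. The function names are hypothetical, and it assumes GNU coreutils `stat` and `chmod` on a Linux host.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names). Assumes GNU stat/chmod on Linux.
# sshd's StrictModes check refuses key logins when the home directory, ~/.ssh
# or authorized_keys is group- or world-writable, so those paths are tracked.

# Print the octal mode of a path, e.g. 755.
mode_of() { stat -c '%a' -- "$1"; }

# Succeed if the path is writable by group or others (mask 022).
is_loose() {
    local mode
    mode=$(mode_of "$1") || return 2
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Print "<mode> <path>" for the directory and the SSH files inside it.
snapshot_modes() {
    local dir p
    dir=$1
    for p in "$dir" "$dir/.ssh" "$dir/.ssh/authorized_keys"; do
        if [ -e "$p" ]; then printf '%s %s\n' "$(mode_of "$p")" "$p"; fi
    done
}

# Compare current modes with a snapshot and put drifted ones back.
# Prints "CHANGED <old> <new> <path>" per drifted path; returns 1 if any drifted.
restore_modes() {
    local old path now changed
    changed=0
    while read -r old path; do
        [ -n "$path" ] || continue
        now=$(mode_of "$path") || continue
        if [ "$now" != "$old" ]; then
            printf 'CHANGED %s %s %s\n' "$old" "$now" "$path"
            chmod "$old" -- "$path"
            changed=1
        fi
    done <<EOF
$1
EOF
    return "$changed"
}

# Usage around a container run that binds the home directory:
#   snap=$(snapshot_modes "$HOME")
#   ... start and stop the container ...
#   restore_modes "$snap" || echo "container changed host permissions" >&2
```
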

rsettlage commented 3 years ago

Actually, just got it all working and love the container. The final tricks were dealing with the display.

accetto commented 3 years ago

I'm glad you've got it working. :)

accetto commented 3 years ago

Hello @rsettlage,

I want to thank you once more for noticing the permissions. It will be improved in the upcoming release 20.03.

Regards, accetto

accetto commented 3 years ago

The release 20.03 was published yesterday.